Score: 3.2
Risk level: Medium
SHA256: b6815b7c6bd39d114da295e839d472997b073db3d57429aadad20bb73c7b47c2
File name: 9ba1149497898221f41d5261e8d89262.exe
Analysis duration: 80s
Last analyzed: (not shown)
File size: 332.2KB
Detection tags (static and dynamic): ADVANCEDSYSTEMCARE AKMT CLASSIC CRYPTERX EHLS ENCPK GOZI GRAYWARE HIGH CONFIDENCE HNQHVY ILEZ KCLOUD KRYPTIK MALCERT MALWARE@#2DTMP1AVRR6FS MINT R + MAL R355146 SCORE SIG1 SNIFULA TRICKBOT UNSAFE URSNIF YAKES ZAMG ZENPAK
鹰眼 (Hawkeye) engine
Not detected: no 鹰眼 engine result is available for this sample
Static verdict
Antivirus engines

Engine       Result                           Scan date   Engine version
McAfee       Packed-GCB!9BA114949789          2020-12-11  6.0.6.653
CrowdStrike  (none)                           2019-07-02  1.0
Avast        Win32:CrypterX-gen [Trj]         2020-12-10  21.1.5827.0
Alibaba      TrojanSpy:Win32/Yakes.08d906c3   2019-05-27  0.3.0.5
Tencent      (none)                           2020-12-11  1.0.0.1
Baidu        (none)                           2019-03-18  1.0.0.2
Kingsoft     Win32.Troj.Yakes.(kcloud)        2020-12-11  2017.9.26.565

"(none)" marks engines that returned no detection name in this scan.
Static indicators
Queries for the computername (3 events)

Time                API               Arguments                Status   Return  Repeated
1619800731.127249   GetComputerNameW  computer_name: (empty)   failed   0       0
1619800731.127249   GetComputerNameW  computer_name: OSKAR-PC  success  1       0
1619800731.361249   GetComputerNameW  computer_name: OSKAR-PC  success  1       0

The first call fails and returns no name (typically a buffer-size probe); the next two return the sandbox host name OSKAR-PC, a value the sample can use for victim fingerprinting or sandbox detection.
This executable is signed. Emsisoft's MalCert.A verdict in the VirusTotal results below suggests the signing certificate itself is known-bad, so the presence of a signature is not a trust signal here.
The file contains an unknown PE resource name possibly indicative of a packer (1 event)
resource name MAD
Behavioral verdict
Dynamic indicators
Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time                API                      PID   Base address  Size/length (bytes)  Protection                   Allocation type                 Status   Return  Repeated
1619800708.627249   NtAllocateVirtualMemory  2264  0x003d0000    163840               64 (PAGE_EXECUTE_READWRITE)  12288 (MEM_COMMIT|MEM_RESERVE)  success  0       0
1619800730.799249   NtAllocateVirtualMemory  2264  0x00460000    159744               64 (PAGE_EXECUTE_READWRITE)  12288 (MEM_COMMIT|MEM_RESERVE)  success  0       0
1619800730.799249   NtProtectVirtualMemory   2264  0x00400000    73728                64 (PAGE_EXECUTE_READWRITE)  (n/a)                           success  0       0

All three calls used process_handle 0xffffffff (the current-process pseudo-handle) and reported stack_dep_bypass=0, stack_pivoted=0 and heap_dep_bypass=0. The third call re-protects 73728 bytes starting at 0x00400000, the default image base of a 32-bit PE, as RWX; together with the two fresh RWX regions this is the footprint of a packer stub unpacking in place.
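As an added example (not part of this report or the sandbox's own code), the following Python replays the three events above and shows the check an analyst would automate: flag committed RWX allocations and, separately, an RWX re-protection that covers the module's own image base. The image base 0x00400000 is assumed to be the sample's ImageBase (the report does not state it); the event data is transcribed from the table.

```python
# Added example (not part of the sandbox report): replays the three memory
# events recorded above and flags the two patterns a self-unpacking sample
# produces. Assumption (not stated in the report): the sample is a 32-bit PE
# loaded at the default ImageBase 0x00400000, which is also the base the
# report's NtProtectVirtualMemory call touches.
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40   # protection value 64 in the report
MEM_COMMIT = 0x1000             # 12288 = MEM_COMMIT | MEM_RESERVE
IMAGE_BASE = 0x00400000         # assumed default ImageBase

# Events transcribed from the report (timestamps shortened).
EVENTS = [
    {"ts": 1619800708.627, "api": "NtAllocateVirtualMemory", "pid": 2264,
     "base": 0x003D0000, "size": 163840, "protection": 0x40, "alloc_type": 0x3000},
    {"ts": 1619800730.799, "api": "NtAllocateVirtualMemory", "pid": 2264,
     "base": 0x00460000, "size": 159744, "protection": 0x40, "alloc_type": 0x3000},
    {"ts": 1619800730.799, "api": "NtProtectVirtualMemory", "pid": 2264,
     "base": 0x00400000, "size": 73728, "protection": 0x40},
]


@dataclass(frozen=True)
class Finding:
    pid: int
    kind: str   # "rwx_alloc", "image_made_rwx" or "rwx_reprotect"
    base: int
    size: int


def is_rwx(protection: int) -> bool:
    # Mask off modifiers such as PAGE_GUARD (0x100) before comparing.
    return (protection & 0xFF) == PAGE_EXECUTE_READWRITE


def triage(events, image_base=IMAGE_BASE):
    """Return one Finding per committed RWX allocation or RWX re-protection."""
    findings = []
    for ev in events:
        if not is_rwx(ev["protection"]):
            continue
        if ev["api"] == "NtAllocateVirtualMemory":
            if ev.get("alloc_type", 0) & MEM_COMMIT:
                findings.append(Finding(ev["pid"], "rwx_alloc", ev["base"], ev["size"]))
        elif ev["api"] == "NtProtectVirtualMemory":
            lo, hi = ev["base"], ev["base"] + ev["size"]
            # Re-protecting the region that holds the PE header and the first
            # section means the unpacker is about to overwrite its own code.
            kind = "image_made_rwx" if lo <= image_base < hi else "rwx_reprotect"
            findings.append(Finding(ev["pid"], kind, ev["base"], ev["size"]))
    return findings


def summarize(findings):
    """Verdict inputs: total fresh RWX bytes, whether the image itself was
    made writable and executable, and which processes were involved."""
    return {
        "rwx_alloc_bytes": sum(f.size for f in findings if f.kind == "rwx_alloc"),
        "image_made_rwx": any(f.kind == "image_made_rwx" for f in findings),
        "pids": sorted({f.pid for f in findings}),
    }


if __name__ == "__main__":
    found = triage(EVENTS)
    for f in found:
        print(f"pid {f.pid}: {f.kind} base=0x{f.base:08x} size={f.size}")
    print(summarize(found))
```

On the report's three events this yields two rwx_alloc findings (323584 bytes in total) and one image_made_rwx finding for process 2264; a sample that only allocated RWX memory without touching its own image would score lower, which is the distinction a triage rule should keep.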
Foreign language identified in PE resource (16 events)

Entries  Name           Language      Sublanguage                 Offset      Size        File type
7        RT_ICON        LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x0005124c  0x00000468  GLS_BINARY_LSB_FIRST
7        RT_RCDATA      LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00052ab0  0x0000043e  XML 1.0 document, ASCII text, with CRLF line terminators
1        RT_GROUP_ICON  LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00052ef0  0x00000068  data
1        RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x00052f58  0x0000031c  data

The report lists the seven RT_ICON entries and the seven RT_RCDATA entries with identical offsets and sizes; they are collapsed into one row each here.
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14

Note: the connection tables further down record no contacted hosts and no TCP connections, and the UDP table shows only DNS queries to 114.114.114.114 without the names queried, so this event cannot be tied to a specific sample-initiated connection from the report alone. 172.217.24.14 lies in Google's 172.217.0.0/16 range, so treat it as a likely connectivity check or OS background traffic until the pcap has been examined.
File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)
Bkav W32.malware.sig1
Elastic malicious (high confidence)
DrWeb Trojan.Gozi.703
MicroWorld-eScan Trojan.Mint.Zamg.O
FireEye Generic.mg.9ba1149497898221
McAfee Packed-GCB!9BA114949789
Malwarebytes PUP.Optional.AdvancedSystemCare
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Yakes.4!c
Sangfor Malware
K7AntiVirus Riskware ( 0049f6ae1 )
BitDefender Trojan.Mint.Zamg.O
K7GW Riskware ( 0049f6ae1 )
Arcabit Trojan.Mint.Zamg.O
Cyren W32/Trojan.ILEZ-4941
Symantec Infostealer.Snifula
APEX Malicious
Avast Win32:CrypterX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Banker.Win32.Gozi.vho
Alibaba TrojanSpy:Win32/Yakes.08d906c3
NANO-Antivirus Trojan.Win32.Yakes.hnqhvy
Ad-Aware Trojan.Mint.Zamg.O
Sophos Mal/Generic-R + Mal/EncPk-APV
Comodo Malware@#2dtmp1avrr6fs
McAfee-GW-Edition Packed-GCB!9BA114949789
Emsisoft MalCert.A (A)
Jiangmin Trojan.Banker.Gozi.ayp
Webroot W32.Trickbot.Gen
Antiy-AVL GrayWare/Win32.Kryptik.ehls
Kingsoft Win32.Troj.Yakes.(kcloud)
Microsoft Trojan:Win32/Ursnif.C!MTB
ZoneAlarm HEUR:Trojan-Banker.Win32.Gozi.vho
GData Trojan.Mint.Zamg.O
AhnLab-V3 Malware/Win32.RL_Trojanspy.R355146
VBA32 Trojan.Yakes
ALYac Trojan.Mint.Zamg.O
Cylance Unsafe
Panda Trj/CI.A
ESET-NOD32 Win32/Spy.Ursnif.CZ
Rising Trojan.Kryptik!1.C93E (CLASSIC)
Fortinet W32/Zenpak.AKMT!tr
AVG Win32:CrypterX-gen [Trj]
Cybereason malicious.fa8ba6
Paloalto generic.ml
Qihoo-360 Win32/Trojan.867
Visual analysis
Binary image
None: no binary visualization image was generated for this sample
Runtime screenshots
None: no screenshots were captured while the sample ran


PE Compile Time

2000-01-08 19:23:35 (the PE header timestamp is trivially forgeable and should not be taken as evidence of the real build date)

Imports

Library KERNEL32.dll:
0x4324b8 CompareStringW
0x4324bc CompareStringA
0x4324c0 GetStringTypeW
0x4324c4 GetStringTypeA
0x4324c8 LCMapStringW
0x4324cc LCMapStringA
0x4324d0 FlushFileBuffers
0x4324d4 IsValidCodePage
0x4324d8 GetOEMCP
0x4324dc GetACP
0x4324e0 GetModuleHandleA
0x4324f4 WaitForSingleObject
0x4324f8 Sleep
0x4324fc CreateMutexA
0x432500 ReleaseMutex
0x432504 CreateThread
0x432508 CreateFileA
0x43250c WriteFile
0x432514 GetFileAttributesA
0x432518 CreateDirectoryA
0x43251c CloseHandle
0x432520 GetCurrentProcessId
0x432524 SetPriorityClass
0x43252c FindFirstFileA
0x432530 FindClose
0x432534 GetLocalTime
0x432538 FindNextFileA
0x432540 SetEvent
0x432548 GetTickCount
0x43254c FormatMessageA
0x432550 OpenProcess
0x432554 CreateEventA
0x432558 ReadFile
0x43255c GetLastError
0x432560 ResetEvent
0x432564 LocalAlloc
0x432568 DeviceIoControl
0x432570 LocalFree
0x432574 SetFilePointer
0x43257c GetConsoleCP
0x432580 MultiByteToWideChar
0x432584 RaiseException
0x43258c LoadLibraryA
0x432590 GetCPInfo
0x432594 HeapSize
0x43259c GetCurrentThreadId
0x4325a0 SetLastError
0x4325a8 TlsFree
0x4325ac TlsSetValue
0x4325b0 TlsAlloc
0x4325b4 TlsGetValue
0x4325b8 GetFileType
0x4325bc SetHandleCount
0x4325c0 GetModuleFileNameA
0x4325c4 GetStdHandle
0x4325c8 HeapReAlloc
0x4325cc VirtualAlloc
0x4325d4 VirtualFree
0x4325dc HeapCreate
0x4325e0 IsDebuggerPresent
0x4325ec GetCurrentProcess
0x4325f0 TerminateProcess
0x4325f4 RtlUnwind
0x4325f8 GetStartupInfoA
0x4325fc GetCommandLineA
0x432600 MoveFileA
0x432608 ExitProcess
0x43260c GetProcAddress
0x432610 GetModuleHandleW
0x432618 WideCharToMultiByte
0x432624 HeapAlloc
0x432628 HeapFree
0x43262c SetStdHandle
0x432630 GetLocaleInfoA
0x432634 WriteConsoleA
0x432638 GetConsoleOutputCP
0x43263c WriteConsoleW
0x432640 SetEndOfFile
0x432644 GetProcessHeap
0x432648 GetConsoleMode
0x43264c DeleteFileA
0x432654 DeleteTimerQueue
0x432658 LockFile
0x43265c VerLanguageNameA
0x432668 TerminateThread
0x43266c WriteProfileStringW
0x432670 CommConfigDialogA
0x432678 SetConsoleCursor
0x43267c SearchPathW
0x432680 Process32First
0x43268c WaitForDebugEvent
0x432690 ReadConsoleA
0x432694 _hwrite
0x4326a0 ResetWriteWatch
0x4326a4 CreateMailslotA
0x4326a8 IsBadHugeWritePtr
0x4326ac CommConfigDialogW
0x4326b0 GetThreadTimes
0x4326b8 GlobalMemoryStatus
0x4326bc GetExitCodeProcess
0x4326c0 FindResourceExW
0x4326c8 GetBinaryTypeA
0x4326cc EnumUILanguagesA
0x4326d4 SetCommConfig
0x4326d8 SetWaitableTimer
0x4326dc SetFileApisToOEM
0x4326e8 SetConsoleMode
0x4326ec EnumDateFormatsA
0x4326f0 lstrlenW
0x4326f4 lstrcmpA
0x4326f8 WriteProcessMemory
0x432700 VirtualQueryEx
0x432704 VirtualQuery
0x432708 VirtualProtectEx
0x43270c VirtualProtect
0x432710 UnmapViewOfFile
0x432714 SuspendThread
0x432718 SizeofResource
0x43271c SetThreadPriority
0x432720 SetThreadContext
0x432728 SetErrorMode
0x43272c ResumeThread
0x432730 ReleaseSemaphore
0x432734 ReadProcessMemory
0x43273c PulseEvent
0x432740 OutputDebugStringW
0x432744 OpenMutexW
0x432748 OpenFileMappingA
0x43274c OpenEventA
0x432750 MulDiv
0x432754 MapViewOfFile
0x432758 LockResource
0x43275c LoadResource
0x432760 LoadLibraryExA
0x432764 LoadLibraryExW
0x432768 LoadLibraryW
0x432770 GlobalUnlock
0x432774 GlobalSize
0x432778 GlobalReAlloc
0x43277c GlobalHandle
0x432780 GlobalLock
0x432784 GlobalFree
0x432788 GlobalFindAtomW
0x43278c GlobalDeleteAtom
0x432790 GlobalAlloc
0x432794 GlobalAddAtomW
0x4327a0 GetVersionExA
0x4327a4 GetVersionExW
0x4327a8 GetVersion
0x4327ac GetThreadPriority
0x4327b0 GetThreadLocale
0x4327b4 GetThreadContext
0x4327b8 GetTempPathW
0x4327bc GetSystemTime
0x4327c0 GetSystemDirectoryA
0x4327c4 GetSystemDirectoryW
0x4327c8 GetStartupInfoW
0x4327cc GetProcessVersion
0x4327d4 GetPriorityClass
0x4327d8 GetModuleFileNameW
0x4327dc GetLogicalDrives
0x4327e0 GetFileSize
0x4327e4 GetFileAttributesW
0x4327e8 GetExitCodeThread
0x4327ec GetDriveTypeW
0x4327f0 GetCurrentThread
0x4327f4 FreeResource
0x4327f8 FreeLibrary
0x4327fc FormatMessageW
0x432800 FindResourceA
0x432804 FindResourceW
0x432808 FindNextFileW
0x43280c FindFirstFileW
0x432814 EnumResourceNamesW
0x432818 DuplicateHandle
0x43281c DeleteFileW
0x432820 CreateSemaphoreW
0x432824 CreateProcessW
0x432828 CreateMutexW
0x43282c CreateFileMappingA
0x432830 CreateFileMappingW
0x432834 CreateFileW
0x432838 CreateEventW
Library USER32.dll:
0x432840 PostThreadMessageA
0x432844 EndPaint
0x432848 DestroyWindow
0x43284c GetMessageA
0x432850 SetTimer
0x432854 InsertMenuItemA
0x432858 RegisterClassExA
0x43285c PostQuitMessage
0x432860 SendDlgItemMessageA
0x432864 TrackPopupMenu
0x432868 SendNotifyMessageA
0x43286c KillTimer
0x432870 DrawTextA
0x432874 SetForegroundWindow
0x432878 LoadIconA
0x43287c GetClientRect
0x432880 CreateMenu
0x432884 SendMessageA
0x432888 BeginPaint
0x43288c GetDC
0x432890 MessageBoxA
0x432894 InvalidateRect
0x432898 CreateWindowExA
0x43289c ReleaseDC
0x4328a0 EnableMenuItem
0x4328a8 GetDlgItem
0x4328ac EndDialog
0x4328b0 DefWindowProcA
0x4328b4 SetWindowPos
0x4328b8 GetCursorPos
0x4328bc CheckDlgButton
0x4328c0 LoadAcceleratorsA
0x4328c4 ShowWindow
0x4328c8 SetMenu
0x4328cc CreatePopupMenu
0x4328d0 IsDlgButtonChecked
0x4328d4 DrawMenuBar
0x4328d8 AppendMenuA
0x4328dc PostMessageA
0x4328e0 RemoveMenu
0x4328e4 DispatchMessageA
0x4328e8 SetWindowTextA
0x4328ec UpdateWindow
0x4328f0 EnableWindow
0x4328f4 DestroyMenu
0x4328f8 LoadCursorA
0x4328fc GetDlgItemTextA
0x432900 DialogBoxParamA
0x432904 SetDlgItemTextA
0x432908 TranslateMessage
0x432910 SetSystemCursor
0x432914 SetSysColors
0x43291c WindowFromPoint
0x432920 GetAltTabInfo
0x432924 GetGUIThreadInfo
0x432928 DefMDIChildProcA
0x432930 GetMessageTime
0x432934 GetPropA
0x432938 SetParent
0x43293c MapVirtualKeyExA
0x432940 GetCaretBlinkTime
0x432944 RealGetWindowClassW
0x432948 GetSubMenu
0x432950 IsWindowVisible
0x432954 EnumThreadWindows
0x432958 DrawFocusRect
0x43295c ShowCursor
0x432960 GetClipboardData
0x432968 ReplyMessage
0x43296c GetSysColor
0x432970 OemToCharW
0x432974 ScreenToClient
0x432978 ScrollWindowEx
0x43297c DefDlgProcW
0x432980 SendNotifyMessageW
0x432984 DestroyIcon
0x43298c DdeQueryStringA
0x432990 FlashWindow
0x432994 UpdateLayeredWindow
0x432998 DdeConnectList
0x43299c UnpackDDElParam
0x4329a0 CharToOemA
0x4329a4 RealGetWindowClassA
0x4329ac WaitForInputIdle
0x4329b4 SwitchDesktop
0x4329b8 AnimateWindow
0x4329bc ShowOwnedPopups
0x4329c0 SetWindowRgn
0x4329c4 SetWindowPlacement
0x4329c8 SetWindowLongW
0x4329cc SetThreadDesktop
0x4329d0 SetPropA
0x4329d4 SetCursorPos
0x4329d8 SetClassLongW
0x4329dc SendMessageTimeoutA
0x4329e0 SendMessageTimeoutW
0x4329e8 SendMessageW
0x4329ec RemovePropA
0x4329f4 PostMessageW
0x4329f8 OffsetRect
0x432a00 LoadImageW
0x432a04 LoadIconW
0x432a08 LoadCursorW
0x432a0c LoadBitmapW
0x432a10 IsZoomed
0x432a14 IsWindowUnicode
0x432a18 IsWindowEnabled
0x432a1c IsWindow
0x432a20 IsIconic
0x432a24 InflateRect
0x432a28 GetWindowRect
0x432a2c GetWindowPlacement
0x432a30 GetWindowLongW
0x432a34 GetTopWindow
0x432a38 GetThreadDesktop
0x432a3c GetSystemMetrics
0x432a40 GetSystemMenu
0x432a44 GetParent
0x432a48 GetWindow
0x432a4c GetMessageW
0x432a50 GetMenu
0x432a54 GetForegroundWindow
0x432a58 GetDesktopWindow
0x432a5c GetClassNameA
0x432a60 GetClassLongW
0x432a64 GetAsyncKeyState
0x432a68 FrameRect
0x432a6c FindWindowExA
0x432a70 FindWindowExW
0x432a74 FindWindowW
0x432a78 EnumWindows
0x432a7c DrawTextW
0x432a80 DrawFrameControl
0x432a84 DispatchMessageW
0x432a88 DefWindowProcW
0x432a8c CreateDesktopW
0x432a90 CloseDesktop
0x432a98 CharUpperW
0x432a9c CharLowerW
0x432aa0 BringWindowToTop
0x432aa4 AttachThreadInput
0x432aa8 AdjustWindowRectEx
0x432aac EnumDisplayMonitors
0x432ab0 GetMonitorInfoW
0x432ab4 CharUpperA
Library GDI32.dll:
0x432abc LineTo
0x432ac0 SetTextColor
0x432ac4 SetBkColor
0x432ac8 CreatePen
0x432acc GetTextMetricsA
0x432ad0 CreateSolidBrush
0x432ad4 TextOutA
0x432ad8 MoveToEx
0x432adc GetEUDCTimeStampExW
0x432ae0 PolylineTo
0x432ae4 GetViewportOrgEx
0x432ae8 EnumObjects
0x432aec GetMetaRgn
0x432af0 SetPolyFillMode
0x432af4 CreatePenIndirect
0x432af8 GdiSetAttrs
0x432afc EngUnlockSurface
0x432b00 GetTextMetricsW
0x432b04 GetViewportExtEx
0x432b08 SetBrushOrgEx
0x432b0c PatBlt
0x432b10 SetBoundsRect
0x432b14 AddFontResourceExA
0x432b18 EnumFontFamiliesA
0x432b1c RoundRect
0x432b20 FONTOBJ_pifi
0x432b24 GetCharWidthI
0x432b2c OffsetViewportOrgEx
0x432b30 CreateDCW
0x432b40 IntersectClipRect
0x432b44 SetDIBitsToDevice
0x432b48 GdiPlayJournal
0x432b4c GdiFixUpHandle
0x432b54 SetBkMode
0x432b58 SelectObject
0x432b5c GetTextExtentPointW
0x432b64 DeleteObject
0x432b68 CreateRoundRectRgn
0x432b6c CreateFontIndirectW
0x432b70 BitBlt
0x432b74 GetStockObject
0x432b78 GetEnhMetaFileA
Library COMDLG32.dll:
0x432b80 GetOpenFileNameA
Library ADVAPI32.dll:
0x432b88 RegOpenKeyExA
0x432b8c RegQueryValueExA
0x432b90 RegCloseKey
0x432b94 RegUnLoadKeyW
0x432b98 RegSetValueExW
0x432b9c RegQueryValueExW
0x432ba0 RegOpenKeyExW
0x432ba4 RegLoadKeyW
0x432ba8 OpenProcessToken
0x432bac LookupAccountSidA
0x432bb0 LookupAccountSidW
0x432bb4 GetTokenInformation
0x432bb8 GetLengthSid
0x432bbc GetUserNameW
0x432bc4 CryptSetProvParam
0x432bc8 CryptGetProvParam
0x432bcc CryptDestroyHash
0x432bd0 CryptSignHashA
0x432bd4 CryptSetHashParam
0x432bd8 CryptCreateHash
0x432bdc CryptImportKey
0x432be0 CryptExportKey
0x432be4 CryptReleaseContext
0x432be8 CryptDestroyKey
0x432bec CryptGetUserKey
0x432bf4 CryptDecrypt
0x432bf8 RegOpenKeyA
Library SHELL32.dll:
0x432c00 Shell_NotifyIconA
0x432c04 SHFileOperationA
0x432c08 ShellExecuteExA
0x432c0c ShellExecuteA
0x432c10 SHGetMalloc
0x432c14 ExtractIconExA
0x432c18 SHAddToRecentDocs
0x432c28 DragQueryFileW
0x432c2c SHFileOperationW
0x432c30 ShellAboutW
0x432c34 FindExecutableW
0x432c38 DuplicateIcon
0x432c3c DragQueryFile
0x432c40 SHFormatDrive
0x432c4c DragAcceptFiles
0x432c50 Shell_NotifyIcon
0x432c54 SHGetSettings
0x432c5c SHGetDesktopFolder
0x432c64 SHGetFolderPathA
0x432c68 SHGetFileInfoA
0x432c6c ShellExecuteW
0x432c70 Shell_NotifyIconW
0x432c74 SHGetFolderPathW
Library ole32.dll:
0x432c88 OleUninitialize
0x432c8c CoTaskMemFree
0x432c90 CoCreateInstance
0x432c94 CoUninitialize
0x432c98 CoInitialize
0x432ca0 CoCreateGuid
Library SHLWAPI.dll:
0x432ca8 StrCmpNA
0x432cac StrStrIW
0x432cb0 StrChrA
0x432cb4 StrCmpNW
0x432cb8 StrCmpNIW
0x432cbc StrStrW
0x432cc0 StrRStrIA
Library COMCTL32.dll:
0x432ccc ImageList_Write
0x432cd0 ImageList_Read
0x432cd4 ImageList_GetIcon
0x432ce0 ImageList_Destroy
0x432ce4 ImageList_Create
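An added example (not the report's or the sandbox's own logic) that parses an import listing in the format above and groups the imported APIs by capability. The excerpt embedded in the code is transcribed from this report's KERNEL32, USER32 and ADVAPI32 entries; the capability groups and the process-hollowing rule are the example's own heuristics, not something the report states.

```python
# Added example (not part of the sandbox report): parses an import listing in
# the "Library X:" / "0xADDR Name" format shown above and maps the imported
# APIs onto capability groups a triage analyst cares about. The excerpt is
# transcribed from this report; the groupings are the example's own heuristic.
import re
from collections import defaultdict

SAMPLE_IMPORTS = """\
Library KERNEL32.dll:
0x432508 CreateFileA
0x432550 OpenProcess
0x432568 DeviceIoControl
0x4325e0 IsDebuggerPresent
0x43268c WaitForDebugEvent
0x4326f8 WriteProcessMemory
0x432700 VirtualQueryEx
0x432708 VirtualProtectEx
0x432714 SuspendThread
0x432720 SetThreadContext
0x43272c ResumeThread
0x432734 ReadProcessMemory
0x432740 OutputDebugStringW
0x4327b4 GetThreadContext
0x432824 CreateProcessW
Library USER32.dll:
0x432960 GetClipboardData
0x4329b4 SwitchDesktop
0x4329cc SetThreadDesktop
0x432a54 GetForegroundWindow
0x432a64 GetAsyncKeyState
0x432a8c CreateDesktopW
0x432aa4 AttachThreadInput
Library ADVAPI32.dll:
0x432ba4 RegLoadKeyW
0x432ba8 OpenProcessToken
0x432bb4 GetTokenInformation
0x432bf4 CryptDecrypt
"""

# Heuristic groupings (example's own); each set lists real Win32 exports.
CAPABILITIES = {
    "process-injection": {"OpenProcess", "WriteProcessMemory", "ReadProcessMemory",
                          "VirtualProtectEx", "VirtualAllocEx", "VirtualQueryEx",
                          "CreateRemoteThread", "SetThreadContext", "GetThreadContext",
                          "SuspendThread", "ResumeThread", "CreateProcessW", "CreateProcessA"},
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "WaitForDebugEvent", "OutputDebugStringW"},
    "input-capture": {"GetAsyncKeyState", "GetForegroundWindow", "AttachThreadInput",
                      "GetClipboardData", "SetWindowsHookExA", "SetWindowsHookExW"},
    "hidden-desktop": {"CreateDesktopW", "SwitchDesktop", "SetThreadDesktop"},
    "token-and-registry": {"OpenProcessToken", "GetTokenInformation",
                           "RegLoadKeyW", "RegSetValueExW"},
    "raw-device": {"DeviceIoControl"},
}

# Classic process-hollowing chain: create suspended, overwrite, fix up the
# entry point in the thread context, resume. The report imports all four.
HOLLOWING_CHAIN = {"CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}

_LIB = re.compile(r"^Library\s+(\S+):\s*$")
_IMP = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s*$")


def parse_imports(text):
    """Map each library name to the list of functions imported from it."""
    libs = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _LIB.match(line)
        if m:
            current = m.group(1)
            continue
        m = _IMP.match(line)
        if m and current is not None:
            libs[current].append(m.group(1))
    return dict(libs)


def _all_names(imports):
    return {name for funcs in imports.values() for name in funcs}


def capabilities(imports):
    """Capability group -> sorted list of the matching imported APIs."""
    names = _all_names(imports)
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items() if names & apis}


def has_hollowing_chain(imports):
    return HOLLOWING_CHAIN <= _all_names(imports)


def score(imports):
    """Crude capability score: number of APIs that hit any group."""
    return sum(len(hits) for hits in capabilities(imports).values())


if __name__ == "__main__":
    imps = parse_imports(SAMPLE_IMPORTS)
    for cap, hits in capabilities(imps).items():
        print(f"{cap:20s} {', '.join(hits)}")
    print("hollowing chain:", has_hollowing_chain(imps), "score:", score(imps))
```

Imports describe capability, not observed behaviour: GetProcAddress and LoadLibraryA are also imported, so the unpacked payload can resolve any API at runtime, and packers routinely pad the table with unrelated GUI and GDI functions (the long USER32 and GDI32 lists above fit that pattern) to resemble an ordinary desktop application. Use the score to prioritise which sample to unpack, not as a verdict.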

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source          Source port  Destination      Destination port  Protocol
192.168.56.101  50002        114.114.114.114  53                DNS
192.168.56.101  53237        114.114.114.114  53                DNS
192.168.56.101  57756        114.114.114.114  53                DNS
192.168.56.101  58367        114.114.114.114  53                DNS
192.168.56.101  62318        114.114.114.114  53                DNS
192.168.56.101  137          192.168.56.255   137               NetBIOS name service (broadcast)
192.168.56.101  138          192.168.56.255   138               NetBIOS datagram (broadcast)
192.168.56.101  123          20.189.79.72     123               NTP (time.windows.com)
192.168.56.101  49235        224.0.0.252      5355              LLMNR
192.168.56.101  50534        224.0.0.252      5355              LLMNR
192.168.56.101  51963        224.0.0.252      5355              LLMNR
192.168.56.101  53657        224.0.0.252      5355              LLMNR
192.168.56.101  56804        224.0.0.252      5355              LLMNR
192.168.56.101  57874        224.0.0.252      5355              LLMNR
192.168.56.101  62191        224.0.0.252      5355              LLMNR
192.168.56.101  63429        224.0.0.252      5355              LLMNR
192.168.56.101  1900         239.255.255.250  1900              SSDP
192.168.56.101  50003        239.255.255.250  3702              WS-Discovery
192.168.56.101  51966        239.255.255.250  1900              SSDP
192.168.56.101  58368        239.255.255.250  3702              WS-Discovery

Every non-DNS row is ordinary Windows background traffic (NetBIOS, LLMNR, SSDP, WS-Discovery and NTP). Only the DNS queries to 114.114.114.114 could be sample-initiated, and the report does not show the names queried, so attribution needs the pcap.
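The "Communicates with host for which no DNS query was performed" event earlier and the UDP table above reduce to the same two checks: strip known background protocols, then compare the remaining public destinations against DNS answers. The following is an added example, not part of the report or the sandbox's code; it assumes a 192.168.56.0/24 guest subnet, takes the time.windows.com annotation on the NTP row as the only DNS answer available, and leaves the port of the 172.217.24.14 connection as None because the report does not record it.

```python
# Added example (not part of the sandbox report): classifies the UDP flows from
# the table above as background traffic or unexplained, and re-checks the
# "no DNS query" signature against the DNS answers that are available.
# Assumptions (not in the report): guest subnet 192.168.56.0/24; the only DNS
# answer known is time.windows.com -> 20.189.79.72; the port of the flagged
# 172.217.24.14 connection is unknown.
import ipaddress
from collections import Counter

GUEST_NET = ipaddress.ip_network("192.168.56.0/24")   # assumed sandbox subnet
LLMNR = (ipaddress.ip_address("224.0.0.252"), 5355)
SSDP = (ipaddress.ip_address("239.255.255.250"), 1900)
WSD = (ipaddress.ip_address("239.255.255.250"), 3702)

# (destination, port) pairs transcribed from the UDP table, plus the host from
# the "no DNS query" signature (constructed from the report, port unknown).
FLOWS = [
    ("114.114.114.114", 53), ("114.114.114.114", 53), ("114.114.114.114", 53),
    ("114.114.114.114", 53), ("114.114.114.114", 53),
    ("192.168.56.255", 137), ("192.168.56.255", 138),
    ("20.189.79.72", 123),
    ("224.0.0.252", 5355), ("224.0.0.252", 5355), ("224.0.0.252", 5355),
    ("224.0.0.252", 5355), ("224.0.0.252", 5355), ("224.0.0.252", 5355),
    ("224.0.0.252", 5355), ("224.0.0.252", 5355),
    ("239.255.255.250", 1900), ("239.255.255.250", 3702),
    ("239.255.255.250", 1900), ("239.255.255.250", 3702),
    ("172.217.24.14", None),
]

# DNS answers observed. The report shows queries only, so this is built from
# the hostname annotation on the NTP row (assumption).
RESOLVED = {"time.windows.com": {"20.189.79.72"}}


def classify(dst_ip, dst_port):
    """Label a flow by the well-known background protocol it matches."""
    ip = ipaddress.ip_address(dst_ip)
    if dst_port == 53:
        return "dns"
    if dst_port == 123:
        return "ntp"
    if (ip, dst_port) == LLMNR:
        return "llmnr"
    if (ip, dst_port) == SSDP:
        return "ssdp"
    if (ip, dst_port) == WSD:
        return "ws-discovery"
    if ip == GUEST_NET.broadcast_address and dst_port in (137, 138):
        return "netbios-broadcast"
    return "unclassified"


def _is_local(ip):
    return (ip.is_private or ip.is_multicast or ip.is_loopback
            or ip.is_link_local or ip == GUEST_NET.broadcast_address)


def hosts_without_dns(flows, resolved):
    """Public destinations that never appeared in a DNS answer. The DNS
    resolver itself is reached by address and is excluded."""
    answered = {ip for ips in resolved.values() for ip in ips}
    suspects = set()
    for dst_ip, dst_port in flows:
        ip = ipaddress.ip_address(dst_ip)
        if _is_local(ip) or classify(dst_ip, dst_port) == "dns":
            continue
        if dst_ip not in answered:
            suspects.add(dst_ip)
    return sorted(suspects)


def summarize(flows):
    """Flow count per protocol label."""
    return dict(Counter(classify(ip, port) for ip, port in flows))


if __name__ == "__main__":
    print(summarize(FLOWS))
    print("contacted without DNS answer:", hosts_without_dns(FLOWS, RESOLVED))
```

The resolver (114.114.114.114) and the NTP host are excluded for different reasons: the first is reached by address by design, the second has an answer on record. What remains is exactly the 172.217.24.14 host the sandbox flagged, and the same function would stay quiet if a DNS answer for it were added to RESOLVED, which is the check to run once the pcap is available.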

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Dropped files: none.
Dropped buffers: none.